


Perceptive Security
SOC/SIEM Consultancy

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulne…
Published:
25 March 2026 at 23:00:00
Alert date:
26 March 2026 at 17:02:46
Source:
nvd.nist.gov
Enterprise Applications, Web Technologies
OpenEMR, a free and open source electronic health records and medical practice management application, contains a SQL injection vulnerability in versions prior to 8.0.0.3. The vulnerability exists in the ajax_save CAMOS form and can be exploited by authenticated attackers. The issue stems from insufficient input validation in the ajax_save page within the CAMOS form. This vulnerability allows authenticated users to potentially execute malicious SQL queries against the database. The vulnerability has been patched in version 8.0.0.3 of OpenEMR.
Technical details
Affected products:
OpenEMR
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33917
https://github.com/openemr/openemr/commit/4d48821d18e4125508d8217c43b09233c7f7e17f
https://github.com/openemr/openemr/releases/tag/v8_0_0_3
https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8
This article was created with the assistance of AI technology by Perceptive.
